I'm testing Elastic Endpoint on a handful of machines and one thing I noticed is that Avast Antivirus seems to trigger false-positive file creation alerts. It sounds like this is the directory Avast will extract files into during a scan. Is there a way to tweak the Elastic Endpoint so these alerts are not generated?
Thanks for trying out Endpoint Security! This is a common issue antivirus programs have with each other. In 7.9 the way to avoid these alerts is to create an Endpoint alert exception that ignores all alerts generated by Elastic Endpoint from Avast activity.
In the near future we are adding a new feature to Endpoint Security, named Trusted Apps, that will give you an alternate way to tell Endpoint to ignore all activity from applications, including alerts.